Data transmission system

ABSTRACT

A cipher key is generated by first information shared in secrete between a data transmitting unit  10  and a data receiving unit  20,  second information derived from duplication control information of transmit data and third information which is time change information shared between the data transmitting unit and the data receiving unit to cipher data by a CPU  12  by using the above-mentioned cipher key to transmit, from the data transmitting unit  10  to the data receiving unit  20,  transmit data in which the duplication control information and the time change information are added to the ciphered data.

This is a continuation of application Ser. No. 09/719,449 filed Dec. 12,2000, which is a 371 OF PCT/JP00/02354 filed Apr. 11, 2000; the entiretyof which is incorporated herein by reference.

TECHNICAL FIELD

This invention relates to a data transmission system and a datatransmission method for carrying out transmission of data from a datatransmitting unit to a data receiving unit, and a data transmittingapparatus, a data transmitting method, a data receiving apparatus and adata receiving method.

BACKGROUND ART

In recent years, e.g., in homes, there are being popularised systems inwhich plural AV equipments are connected through digital interface tocarry out transmission of digital data such as music information orvideo information, etc. or record such data. For example, there havebeen developed AV equipments such as video camera, and Digital VersatileDisk (DVD) (Trade Name) player, etc. having interface of IEEE (TheInstitute of Electrical and Electronics Engineers, Inc.) 1394 highperformance serial bus standard (hereinafter simply referred to as IEEE1394 serial bus) which is digital bus.

Meanwhile, ordinarily, cinema data, etc. are information havingcopyright, and it is therefore necessary to prevent an unjust copy byuser, etc.

In order to prevent unjust copy by user, etc. e.g., in Mini Disk (MD)(Trade Name) system, there is used a method called SCMS (Serial CopyManagement System). SCMS data is information caused to undergotransmission along with music data by digital interface. Suchinformation indicates that music data is any one of data of copy free,copy once allowed and copy prohibited. In the case where mini diskrecorder receives music data from digital interface, it detects SCMS,whereby when SCMS is copy prohibited, it does not record music data ontomini disk, when SCMS is copy once allowed, SCMS information is changedinto copy prohibited and such recorder records SCMS data together withreceived music data, and when SCMS is copy free, SCMS information iscaused to be as it is and such recorder records SCMS information alongwith received music data.

In a manner stated above, in the mini disk system, SCMS is used toprevent that data having copyright is unfairly copied.

Moreover, in such a data transmission system to carry out transmissionor recording of digital data such as music information or videoinformation, etc. through digital interface, there is proposed a systemof carrying out transmission in the state where duplication controlinformation is stored in packet header of data packet on thetransmission path.

This duplication control information is defined by, e.g., 2 bits asfollows.

00: No copy limitation

10: Only once copy is allowed

01: Copy is prohibited more than that

11: Copy is primarily prohibited

Recording equipment which has received data packet tests (checks)duplication control information in recording data, whereby when theduplication control information indicates “01” or “11”, i.e., copyprohibit, the recording equipment does not carry out recording ofreceived data. Moreover, when the duplication control informationindicates “10”, i.e., copy once allowed, the duplication controlinformation is changed into “01”, i.e., changed into prohibit more thanthat, whereupon the recording equipment records received data withrespect to recording media.

In a manner stated above, generation of copy generated from originaldata is limited.

Further, in order to have compulsory force with respect to thelimitation system of the copy generation, there is also used a method ofciphering data to carry out transmission thereof, whereby only makerwhich makes a contract to manufacture only equipments that observe orobey the copy generation limitation system is allowed to licenseinformation necessary for cryptography and decode operation, etc.

Meanwhile, in the system of transmitting data packet on transmissionpath in the state where duplication control information is stored in thepacket header thereof, in the process where packet is transmitted fromthe transmitting equipment to the receiving equipment, there is thepossibility that duplication control information may be altered by anyother equipment.

For example, as shown in FIG. 1, even if duplication control informationof packet header of data packet is transmitted from the datatransmitting unit 1 side at “11” indicating meaning of copy prohibit,when there is duplication control information altering attack duringtransmission, and the duplication control information is altered into“10” indicating once copy permission, the data receiving unit 2 sidewhich has received this packet cannot recognize that this data isprimarily copy-prohibited. Since duplication control information ofpacket header allows once recording, data would be recorded.

As described above, in the conventional data transmission method, thereis the possibility that copy generation management cannot be made.

DISCLOSURE OF THE INVENTION

Therefore, in view of problems of the prior arts as described above, anobject of this invention is to provide a data transmission system, adata transmission method, a data transmitting apparatus, a datatransmitting method, a data receiving apparatus and a data receivingmethod which can reliably carry out copy generation management.

The data transmission system according to this invention comprises adata transmitting unit for generating a cipher key on the basis of firstinformation shared in secrete between a data transmitting unit and adata receiving unit, second information derived from duplication controlinformation of data and third information which is time changeinformation shared between the data transmitting unit and the datareceiving unit to cipher data by using the cipher key to transmittransmit data in which control information based on the duplicationcontrol information and the time change information is added to theciphered data; and the data receiving unit adapted to receive thecontrol information added and ciphered data sent from the datatransmitting unit to generate cipher key on the basis of firstinformation shared in secrete between the data receiving unit and thedata transmitting unit, second information derived from the controlinformation of the received data and third information which is timechange information shared between the data receiving unit and the datatransmitting unit to decode the received data by using the cipher key.

Moreover, in the data transmission method according to this invention,cipher key generated by first information shared in secrete between adata transmitting unit and a data receiving unit, second informationderived from duplication control information of transmit data and thirdinformation which is time change information shared between the datatransmitting unit and the data receiving unit is used to cipher data tocarry out transmission thereof.

Further, in the data transmission method according to this invention, ata data transmitting unit, a procedure is taken to generate cipher key onthe basis of first information shared in secrete between the datatransmitting unit and a data receiving unit, second information derivedfrom duplication control information of data and third information whichis time change information shared between the data transmitting unit andthe data receiving unit to cipher data by using the cipher key totransmit transmit data in which control information based on theduplication control information and the time change information is addedto the ciphered data; and at the data receiving unit, a procedure istaken to receive the control information added and ciphered data sentfrom the data transmitting unit to generate cipher key on the basis offirst information shared in secrete between the data receiving unit andthe data transmitting unit, second information derived from the controlinformation of the received data and third information which is timechange information shared between the data receiving unit and the datatransmitting unit to decode the received data by using the cipher key.

Further, the data transmitting apparatus according to this inventioncomprises: cipher processing means for generating cipher key on thebasis of first information shared in secrete between the datatransmitting apparatus and a data receiving apparatus, secondinformation derived from duplication control information of data andthird information which is time change information shared between thedata transmitting apparatus and the data receiving apparatus to cipherdata by using the cipher key; and transmitting means for transmittingtransmit data in which control information based on the duplicationcontrol information and the time change information is added to the dataciphered by the cipher processing means.

Further, in the data transmitting method according to this invention, aprocedure is taken to generate cipher key on the basis of firstinformation shared in secrete between a data transmitting unit and adata receiving unit, second information derived from duplication controlinformation of data and third information which is time changeinformation shared between the data transmitting unit and the datareceiving unit to cipher data by using this cipher key to transmittransmit data in which control information based on the duplicationcontrol information and the time change information is added to theciphered data.

Further, the data receiving apparatus according to this inventioncomprises: receiving means for receiving control information added andciphered data sent from a data transmitting apparatus, the controlinformation being based on duplication control information and timechange information; and decode processing means for generating, withrespect to received data received by this receiving means, cipher key onthe basis of first information shared in secrete between the datareceiving apparatus and the data transmitting apparatus, secondinformation derived from the control information of the received dataand third information which is time change information shared betweenthe data receiving apparatus and the data transmitting apparatus todecode the received data by using the cipher key.

In addition, in the data receiving method according to this invention, aprocedure is taken to receive control information added and ciphereddata sent from a data transmitting apparatus, the control informationbeing based on duplication control information and time changeinformation, to generate, with respect to this received data, cipher keyon the basis of first information shared in secrete between a datareceiving apparatus and the data transmitting apparatus, secondinformation derived from control information of the received data andthird information which is time change information between the datareceiving apparatus and the data transmitting apparatus to decode thereceived data by using the cipher key.

BRIEF DESCRIPTION OF THE DRAWINGS

FIG. 1 is a view for explaining effect by duplication controlinformation altering attack.

FIG. 2 is a block diagram showing the configuration of data transmissionsystem to which this invention is applied.

FIG. 3 is a view showing the configuration of transmission frame(isochronous packet) caused to undergo transmission on IEEE 1394 serialbus.

FIG. 4 is a flowchart showing execution procedure of authentication/keyshared protocol in the data transmission system.

FIG. 5 is a flowchart showing processing procedure of the datatransmitting unit side in the authentication/key shared protocol.

FIG. 6 is a flowchart showing processing procedure of the data receivingunit side in the authentication/key shared protocol.

FIG. 7 is a flowchart showing procedure of data transmission processingin the data transmission system.

FIG. 8 is a flowchart showing processing procedure of the data receivingunit side in the data transmission processing.

FIG. 9 is a flowchart showing processing procedure of the data receivingunit side in the data transmission processing.

BEST MODE FOR CARRYING OUT THE INVENTION

Explanation will now be given with reference to the attached drawings inconnection with the best mode for carrying out this invention.

This invention can be applied to a data transmission system of theconfiguration as shown in FIG. 2, for example.

This data transmission system comprises a data transmitting unit 10 anda data receiving unit 20, and is caused to be of the configuration inwhich the data transmitting unit 10 and the data receiving unit 20 areconnected through a transmission path 30.

In the data transmission system of this embodiment, the datatransmitting unit 10 is set top box for receiving satellite digitalmulti-channel broadcast programs sent from, e.g., communicationsatellite, and is composed of a Central Processing Unit (CPU) 12, amemory 13, an input interface 14, a user interface 15, and aninput/output interface 16, etc., which are connected to an internal bus11. A satellite antenna 18 is connected to the input interface 14.Moreover, the input/output interface 16 is IEEE (The Institute ofElectrical and Electronics Engineers, Inc.) 1394 high performance serialbus interface (hereinafter simply referred to as IEEE 1394 interface)which is digital interface, and is connected to a transmission path 30.The transmission path 30 is a transmission path comprised of IEEE 1394serial bus.

In this data transmitting unit 10, the CPU 12 becomes operative inaccordance with a control program stored in the memory 13 to carry outvarious control operations such as channel selection operation ofprogram, etc. in accordance with operation information inputted throughthe user interface 15.

Further, this data transmitting unit 10 selects desired channel ofsatellite digital multi-channel broadcast signal by the input interface14 to which the receiving antenna 18 is connected to receive video dataor music data of desired channel to transmit the received video data ormusic data as contents data from the input/output interface 16 to thetransmission path 30.

In addition, the data receiving unit 20 is a recording unit forrecording contents data received by the data transmitting unit 10, i.e.,video data or music data onto recording medium such as magnetic tape ormagneto-optical disc, etc., and is composed of a Central Processing Unit(CPU) 22, a memory 23, an input/output interface 24, a user interface25, and a media access section 26, etc. which are connected to aninternal bus 21. The input/output interface 24 is IEEE 1394 interfacewhich is digital interface, and the transmission path 30 is connected tothe input/output interface 24.

In the IEEE 1394 standard, a transmission operation carried out withinthe network is called sub action, and the following two kinds of subactions are prescribed. Namely, as two sub actions, there are definedasynchronous transmission mode for carrying out ordinary datatransmission called “Asynchronous data transfer” and synchronoustransmission mode which guarantees transmission band called “Isochronousdata transfer”.

In this data transmission system, Isochronous data transfer which canensure transmission band is used to carry out transmission of music databetween the data transmitting unit 10 and the data receiving unit 20.

Here, the configuration of packet (isochronous packet) caused to undergotransmission by Isochronous transfer on IEEE 1394 serial bus which isthe transmission path 30 is shown in FIG. 3.

Namely, the isochronous packet consists, as shown in FIG. 3, of header,header CRC, data field and data CRC.

The header includes data_length, tag, channel, t code (tcode),duplication control information, Odd/Even bit and synchronous code sy.

The data_length indicates length of data field. The tag indicates formatof data caused to undergo transmission by isochronous packet. Thechannel is used for carrying out discrimination of desired packet fromplural isochronous packets caused to undergo transmission on the IEEE1394 serial bus and receiving it. The t code (tcode) is transaction codeand value indicating that corresponding transfer is isochronous transferis inserted thereinto. Odd/Even bit gives time change information whichis one of information which provide basis of calculation of contents keyKc. The duplication control information indicates whether or notduplication of contents data is permitted. The synchronous code sy isused for carrying out transmitting/receiving operation of synchronousinformation between the transmitting side and the receiving side, and isused for taking synchronization of contents data stored in the datafield such as video data and audio (speech) data, etc.

The header CRC is area into which CRC (Cyclic Redundancy Code) withrespect to data stored in the header is stored. Check of transmissionerror of header is carried out on the basis of the header CRC.

The data field is a field into which contents data such as video data oraudio (speech) data, etc. are stored.

The data CRC is an area into which CRC (Cyclic Redundancy Code) withrespect to data stored in the data field is stored. On the basis of thedata CRC, check of transmission error of data is carried out.

Further, the data receiving unit 20 receives contents data through theinput/output interface 24, whereby when such data can be recorded, itrecords such data onto recording medium such as magnetic tape ormagneto-optical disc, etc. by the media access section 26.

In addition, in the case where the data receiving unit 20 receivescontents data of recording prohibition, it simply outputs, withoutrecording such data onto recording medium by the media access section26, music data from an audio (speech) output terminal 26A and outputsvideo data from a video output terminal 26B.

In this data receiving unit 20, the CPU 22 is adapted to becomeoperative in accordance with control program stored in the memory 23 tocarry out various control operations such as recording operation andreproducing operation, etc. by the media access section 26 with respectto the recording medium in accordance with operation informationinputted through the user interface 25.

In this data transmission system, the contents data is ciphered bycipher key (contents key Kc) in a manner stated below and is stored intodata field of isochronous packet, and is caused to undergo transmissionalong with Odd/Even bit which provides time change information (timechange value Nc) stored in the header of that isochronous packet andduplication control information indicating whether or not duplication ofcontents data is permitted.

Namely, the data transmitting unit 10 and the data receiving unit 20constituting data transmission system respectively have in advanceindividual or common secrete information. Namely, in the case of theopen key system, such units have individual secrete information. In thecase of the common key system, they have common secrete information. Forexample, keys for equipment given from the key management organizationwhen respective equipments are manufactured are provided withinrespective equipments. In this case, they are assumed to have commonsecrete information as key for equipment. Moreover, respectiveequipments preserve, within the equipment, constant of n (e.g., n=64)bits corresponding to respective states of duplication controlinformation given from the key management organization. Namely,respective equipments originally have constant Ca corresponding toduplication control information indicating copy prohibition “11”(Copy-never), constant Cb corresponding to duplication controlinformation “10” indicating copy permissible with respect to only onegeneration (Copy-one-generation), constant Cc indicating that contentswhich were in “Copy-one-generation” state are once recorded contents andcorresponding to duplication control information “01” (No-more-copies)indicating copy prohibition more than that, and constant Cdcorresponding to duplication control information “00” (Copy-freely)indicating no copy limitation.

The data transmitting unit 10 is operative, in transmitting data, togenerate two random numbers of, e.g., m bits to allow one to be exchangekey Kx sent to the data receiving unit 20 in execution ofauthentication/key shared protocol and to allow the other to be initialvalue of time change value Nc used in data transmission. The exchangekey Kx is one of information serving as basis of calculation of contentskey Kc, and is sent from the data transmitting unit 10 to the datareceiving unit 20 by using key shared by authentication/key sharedprotocol. Further, in transmitting data, duplication control informationis written into packet header in correspondence with that data. Then,the exchange key Kx, time change value Nc (time change informationstored into header of isochronous packet) and the duplication controlinformation are used to calculate contents key Kc to cipher data byusing contents key Kc to store ciphered data into data field ofisochronous packet to transmit it to the transmission path along withpacket header.

When, e.g., the duplication control information is “10”, the contentskey Kc is calculated as follows, for example.Kc=J[Kx, Nc, Cb]

In this case, the function J is a function (one directional function) inwhich it is difficult to determine input from output. As a morepractical example of the function J, there may be used, e.g., SHA(Secure Hash Algorithm)-1 of FIPS (Federal Information ProcessingStandard) 180-1. In addition, the function J may be constituted by usingblock cryptography of DES (Data Encryption Standard), etc.

In the case where SHA-1 is used, bit connection (Kx∥ Nc∥ Cb) of Kx, Nc,Cb is inputted to SHA-1. It is to be noted that, as occasion demands,output of function J (160 bits in the case where, e.g., SHA-1 is used)is extended or contracted into the number of key bits of cryptographicalgorithm (56 bits e.g., in the case of DES) to allow it to be contentskey Kc. In the case where extension is made, it is sufficient torepeatedly arrange outputs plural times, for example. In the case wherecontraction is made, only necessary number of bits of high order or loworder are used.

The cryptographic technology such as DES or SHA-1, etc. is explained indetail in “Applied Cryptography (Second Edition), Wiley” by BruceSchneier.

Further, the data transmitting unit 10 sets value of Odd/Even bits ofdata packet in correspondence with time change value Nc. For example,setting is made such that values of the least significant bit of timechange value Nc and Odd/Even bit are in correspondence with each other.In this case, the data transmitting unit 10 updates time change value Ncby the time condition, e.g., 30 sec. to 2 minutes, etc., or thecondition of data quantity such as the number of packets or the numberof bytes of data transmitted from transmission start or the lastupdating. The updating of the time change value Nc is carried out bymaking increment with a predetermined time interval or quantity oftransmission being as timing. Further, contents key Kc is newlycalculated in accordance with updating of time change value Nc to ciphercontents by this contents key Kc to store the ciphered contents intopacket. In addition, value of Odd/Even bits of data packet is changed.

In this data transmission system, prior to the above-mentioned datatransmission, protocol for authenticating both equipments and forsharing the cipher key is executed between the data transmitting unit 10and the data receiving unit 20. In more practical sense, afterauthentication/key shared protocol as shown in the flowchart of FIG. 4is executed, data transmission is carried out. The processing procedureof the data transmitting unit 10 side in this data transmission systemis shown in the flowchart of FIG. 5 and the processing procedure of thedata receiving unit 20 side is shown in the flowchart of FIG. 6.

In this example, in FIG. 4 showing the authentication/key sharedprotocol, the data transmitting unit 10 is represented by Source DeviceA and the data receiving unit 20 is represented by Sink Device B.

Further, in this data transmission system, CPU 12 of the datatransmitting unit 10 first transmits, to the data receiving unit 20,through the transmission path 30, start command for startingtransmission of data from the input/output interface 16 (step S10).

The CPU 22 of the data receiving unit 20 is operative so that when itreceives START command sent from the data transmitting unit 10 throughthe transmission path 30 connected to the input/output interface 24(step S20), it generates random number R_(B) of m (e.g., m=64) bits totransmit bit connection (R_(B)∥ID_(B)) of this random number R_(B) andidentifier ID_(B) of the data receiving unit 20, through theinput/output interface 24, to the data transmitting unit 10 along withstart request (Request authentication) of the authentication/key sharedprotocol (step S21).

When the CPU 12 of the data transmitting unit 10 receives start request(Request authentication) of authentication/key shared protocol and bitconnection (R_(B)∥ID_(B)) sent from the data receiving unit 20 throughthe transmission path 30 connected to the input/output interface 16(step S11), it generates random number R_(A) of m bits to determinefirst authentication information Token AB by the operation (arithmetic)processing expressed below.Token AB=RA∥MAC(K _(AB) , R _(A) ∥R _(B) ∥ID _(B))to transmit the first authentication information Token AB to the datareceiving unit 20 through the input/output interface 16 (step S12). Inthis case, MAC is Message Authentication Code prepared by the systemdescribed in ISO/IEC 9797. As cryptographic function, DES is used. Inaddition, K_(AB) is secret information shared between the datatransmitting unit 10 and the data receiving unit 20. Namely, K_(AB) iskey for equipment given from the key management organization asdescribed above.

When the CPU 22 of the data receiving unit 20 receives the firstAuthentication information Token AB from the data transmitting unit 10(step S22), it individually calculates MAC by using K_(AB), R_(A),R_(B), ID_(B) (step S23) to confirm or verity that MAC is incorrespondence with received MAC (step S24). If MAC is not incorrespondence with the received MAC at this step S24, the CPU 22 of thedata receiving unit 20 judges that the data transmitting unit 10 isunfair equipment to complete Authentication/key shared protocol.

Then, the CPU 22 of the data receiving unit 20 generates random number Sof m bits to determine second authentication information Token BA by theoperation (arithmetic) processing as described below.Token BA=S∥MAC(K _(AB) , R _(B) ∥R _(A))to send the second authentication information Token BA to the datatransmitting unit 10 through the input/output interface 24 (step S25).It is to be noted that it is sufficient that the above-mentioned randomnumber S is not m bits which are the same as the random number R_(B). Inthis example, at the CPU 22 of the data receiving unit 20, high order mbits of MAC (K_(AB), S) are used as temporary key which will bedescribed below.

When the CPU 12 of the data transmitting unit 10 receives the secondauthentication information Token BA from the data receiving unit 20(step S13), it individually calculates MAC by using K_(AB), R_(A), R_(B)(step S14) to confirm or verify that MAC is in correspondence withreceived MAC (step S15). If MAC is not in correspondence with thereceived MAC at the step S15, the CPU 12 of the data transmitting unit10 judges that the data receiving unit 20 is unfair equipment tocomplete authentication/key shared protocol. On the other hand, if MACis in correspondence with the received MAC at this step S15, the CPU 12of the data transmitting unit 10 authenticates that the data receivingunit 20 is proper equipment to use high order m bits of MAC (K_(AB), S)as temporary key which will be described below.

It is to be noted that while high order m bits of MAC (K_(AB), S) areused as the temporary key, it is not required that the number of bitsthereof is the same as the number of bits m which is the same as therandom number S.

Then, the CPU 12 of the data transmitting unit 10 ciphers exchange keyKx by the temporary key by using, e.g., DES cryptographic function totransmit the ciphered exchange key Kx to the data receiving unit 20through the input/output interface 16 (step S16).

Then, the data receiving unit 20 decodes, by the temporary key, by usingDES decode function, ciphered exchange key Kx sent from the datatransmitting unit 10 to obtain exchange key Kx (step S26).

The data receiving unit 20 in this data transmission system cancalculate, similarly to the data transmitting unit 10, contents key Kcfrom exchange key Kx and time change value Nc obtained by executingauthentication/key shared protocol between the data receiving unit 20and the data transmitting unit 10 and constant (Cb in this example)corresponding to duplication control information of data packet, and canthus decode data by using such contents key Kc.

In this data transmission system, after authentication/key sharedprotocol is executed, data transmission is carried out in accordancewith procedure as shown in the flowchart of FIG. 7. The processingprocedure of the data receiving unit 20 side in this data transmissionsystem is shown in the flowchart of FIG. 8 and the processing procedureof the data transmitting unit 10 side is shown in the flowchart of FIG.9.

Namely, the CPU 22 of the data receiving unit 20 which has obtainedexchange key Kx by the authentication/key shared protocol then requestsdata transmitting unit 10 to send current time change value Nc (stepS30).

When the CPU 12 of the data transmitting unit 10 receives this Ncrequest (step S40), it transmits current time change value Nc to thedata receiving unit 20 in accordance with this request (step S41), andthe data receiving unit 20 receives this time change value Nc (stepS31).

The data receiving unit 20 confirms whether or not the least significantbit of time change value Nc sent from the data transmitting unit 10 andOdd/Even bit in the data packet are equal to each other, whereby whenboth values are equal to each other, it calculates contents key Kc fromthe time change value Nc, the exchange key Kx and the constant Cb (stepS32). In the case where the least significant bit of the time changevalue Nc and Odd/Even bit in the data packet are not equal to eachother, the data receiving unit 20 judges that the contents key Kc hasbeen already updated to take, as new time change value Nc, valueobtained by incrementing time change value Nc sent to calculate contentskey Kc.

In this example, after time change value Nc is sent from the datatransmitting unit 10 to the data receiving unit 20 in accordance withthe Nc request, since the data transmitting unit 10 and the datareceiving unit 20 recognize that updated value of the next time changevalue Nc is value obtained by incrementing current value, it is possibleto calculate contents key Kc used next in advance.

Then, the data transmitting unit 10 ciphers contents data such as videodata or audio (speech) data, etc. by cipher key (contents key Kc) tostore the ciphered contents data into data field of isochronous packetto sequentially transmit such data along with Odd/Even bit whichprovides time change information stored in the header of thatisochronous packet and duplication control information of contents data(steps S42, S43).

Namely, at the data transmitting unit 10, setting state of Odd/Even bitcorresponding to, e.g., time change value Nc is judged (step S41A). WhenOdd/Even bit=0, ciphered data obtained by ciphering contents data bycontents key Kc (Odd key) corresponding to Odd/Even bit=0 is transmitted(step S42). On the other hand, when Odd/Even bit=1, such a processing iscarried out to transmit ciphered data obtained by ciphering contentsdata by contents key Kc (Even key) corresponding to Odd/Even bit=1 (stepS43). Further, whether or not transmitting processing is completed isjudged (step S44). If its judgment result is NO, i.e., transmittingprocessing is not completed, whether or not updating timing of timechange value Nc is provided is judged (step S45). When updating timingis not provided, the processing returns to the judgement processing(step S41A) of setting state of the Odd/Even bit without updating timechange value Nc. When updating timing is provided, the time change valueNc is incremented to thereby update it and to update Odd/Even bit (stepS46). Thus, the processing returns to the judgment processing (stepS41A) of setting state of the Odd/Even bit to thereby repeatedly carryout transmitting processing (step S42) of ciphered data obtained byciphering contents data by contents key Kc (Odd Key) corresponding tothe Odd/Even bit=0 and transmitting processing (step S43) of ciphereddata obtained by ciphering contents data by contents key Kc (Even key)corresponding to Odd/Even bit=1.

Further, when there results YES of judgement processing (step S44) as towhether or not the transmitting processing has been completed, i.e.,completion (end) of transmitting processing, processing of datatransmission mode is completed.

When the data receiving unit 20 receives ciphered data sent from thedata transmitting unit 10 in a manner as stated above, it decodes databy using the calculated contents key Kc (steps S33, S34).

Namely, at the data receiving unit 20, whether or not completion (end)of reception is carried out is judged (step S35) every timereceiving/decode processing of ciphered data is carried out (steps S33,S34). When its judgment result is NO, i.e., completion (end) ofreception does not result, whether current timing reaches update timingof time change value Nc (step S36). When current timing is not theupdate timing, the processing returns to the calculation processing(step S32) of the contents key Kc without updating the time change valueNc. When current timing reaches the update timing, the time change valueNc is incremented to thereby update it (step S37). The processingprocedure returns to the calculation processing (step S32) of thecontents key Kc to thereby repeatedly carry out receiving/decodeprocessing (step S33) of ciphered data corresponding to the Odd/Evenbit=0 and receiving/decode processing (step S34) of ciphered datacorresponding to the Odd/Even bit=1.

The data receiving unit 20 decodes data by using the calculated contentskey Kc, thereby making it possible to enable or inhibit recording ofdata in correspondence with duplication control information stored inthe data packet.

It is to be noted that while, in the above-described embodiment,explanation has been given in connection with the data transmissionsystem where the number of data receiving units 10 is one, thisinvention can be applied as it is also in the case where plural datareceiving units exist.

In the data transmission system of such a configuration, e.g., in thecase where duplication control information of packet header of datapacket is transmitted at “11” signifying copy inhibit from the datatransmitting unit 10 side, when there is duplication control informationaltering attack in transmission so that duplication control informationis altered to “10” indicating permission of once copy, contents key Kcis calculated by using constant Cb corresponding to duplication controlinformation “10” of this data at the data receiving unit 20 side whichhas received this packet to decode contents data by using this contentskey Kc.

Since cryptography of contents data at the data transmitting unit 10side is carried out by contents key Kc calculated by using constant Cacorresponding to duplication control information “11”, data obtained asthe result of decoding at the data receiving unit 20 side becomesinsignificant data. Namely, since data appearing at the data receivingunit 20 is not original contents data, if such data is recorded, thereis no meaning. Therefore, there is no possibility that generationcontrol of copy may be demolished or corrupted.

Moreover, in this data transmission system, since time change value Ncis caused to act on the contents key Kc, such time change value Nc isfrequently changed, thereby making it possible to limit quantity of datato be ciphered by using the same cipher key. Thus, the possibility ofdecipherment can be lessened.

Further, updating of time change value Nc is carried out by increment tocarry out transmission in the state where value corresponding to timechange value currently used is stored in the data packet, thereby makingit possible to easily recognize updating of time change value Nc at thedata receiving unit 20 side, and the data transmitting unit 10 and thedata receiving unit 20 can both calculate correct contents keys Kc inadvance.

Thus, there is no necessity that the data receiving unit 20 inquirestime change value Nc with respect to the data transmitting unit 10 everytime updating of time change value Nc is provided. Thus, suppression ofquantity of communication as the entirety of the system andsimplification of control software can be realized.

In addition, since one directional function in which it is difficult todetermine input from output is used in calculating contents key Kc, evenif the above-mentioned contents key Kc is revealed, there is nopossibility that constant corresponding to exchange key Kx and/orduplication control information may be unfairly determined. Accordingly,even if a certain contents key Kc is revealed, there is no possibilitythat contents data ciphered by using different contents key Kc may bedeciphered.

As described above, in the preferred embodiment of this invention, incarrying out unidirectional transmission of data from the datatransmitting unit to the data receiving unit, such an approach isemployed to generate cipher key by first information shared in secretebetween the data transmitting unit and the data receiving unit, secondinformation derived from duplication control information of transmitdata and third information serving as time change information sharedbetween the data transmitting unit and the data receiving unit to cipherdata by using such cipher key to transmit, from the data transmittingunit, transmit data in which the duplication control information and thetime change information are added to the ciphered data. Thus, the datareceiving unit side receives ciphered data in which duplication controlinformation and time change information are added, which is sent fromthe data transmitting unit, to generate cipher key by first informationshared in secret between the data receiving unit and the datatransmitting unit, second information derived from duplication controlinformation of the received data and third information serving as timechange information shared between the data receiving unit and the datatransmitting unit, thus making it possible to decode the received databy using this cipher key.

As stated above, such an approach is employed to allow secondinformation derived from duplication control information of the transmitdata to act on cipher key of transmit data, whereby in the case whereduplication control information is altered by duplication controlinformation altering attack during transmission, since cipher keycalculated on the basis of the second information corresponding toduplication control information of data received at the data reproducingunit side is different from cipher key used at the data transmittingside, received data cannot be normally decoded, resulting in nopossibility that generation management of copy would be demolished orcorrupted.

Moreover, since time change information is caused to act on the cipherkey, this time change information is frequently changed, thereby makingit possible to limit quantity of data ciphered by using the same cipherkey. Thus, the possibility of deciphering can be reduced.

Further, updating of time change information is carried out by incrementand transmission is carried out in the state where value correspondingto time change information currently used is stored in the data packet,thereby making it possible to easily recognize updating of time changeinformation at the data receiving unit side, and the data transmittingunit and the data receiving unit can both calculate in advance correctcipher key. Thus, there is also no necessity that the data receivingunit inquires time change value Nc with respect to the data transmittingunit 10 every time updating of time change information takes place.Accordingly, suppression of quantity of communication as the entirety ofthe system and simplification of control software can be realized.

In addition, since one directional function in which it is difficult todetermine input from output is used in calculating the cipher key, evenif the above-mentioned cipher key is revealed, there is no possibilitythat first information shared in secrete between the data transmittingunit and the data receiving unit and/or second information correspondingto duplication control information may be unfairly determined.Accordingly, even if a certain cipher key is revealed, there is nopossibility that data ciphered by using different cipher key may bedeciphered.

1. A data transmission method comprising: at a data transmitting unit,adapted to select a desired channel of a satellite digital multi-channelbroadcast signal, cipher key is generated on the basis of firstinformation shared in secret between the data transmitting unit and adata receiving unit, second information derived from duplication controlinformation of data and third information which is time changeinformation shared between the data transmitting unit and the datareceiving unit to cipher data by using the cipher key to transmittransmit data in which control information based on the duplicationcontrol information and the time change information is added to theciphered data; and at the data receiving unit, the control informationadded and ciphered data sent from the data transmitting unit is receivedto generate cipher key on the basis of first information shared insecret between the data receiving unit and the data transmitting unit,second information derived from the control information of the receiveddata and third information which is time change information sharedbetween the data receiving unit and the data transmitting unit to decodethe received data by using the cipher key.